From cb3fee441fc912408be7049bf862c797599ad6ec Mon Sep 17 00:00:00 2001 
From: smarcet Date: Fri, 19 Oct 2018 12:00:43 -0700 Subject: [PATCH] Migration to PHP 7.x * updated dependencies * updated LV version to 5.6 Depends-On: https://review.openstack.org/629495 Depends-On: https://review.openstack.org/629896 Change-Id: Iacf81dd65d71102ad0660c5c2bdd6633bf727ec0 --- .gitignore | 3 +- .../Controllers/Api/ApiEndpointController.php | 8 +- .../Api/OAuth2/OAuth2UserApiController.php | 2 +- app/Http/Controllers/Controller.php | 4 +- .../OAuth2/OAuth2ProviderController.php | 2 +- app/Http/Controllers/UserController.php | 78 +++++---- app/Http/Middleware/CORSMiddleware.php | 6 +- .../Middleware/CheckForMaintenanceMode.php | 17 ++ .../CurrentUserCanEditOAuth2Client.php | 4 +- .../CurrentUserCheckRouteParams.php | 4 +- .../CurrentUserOwnsOAuth2Client.php | 4 +- app/Http/Middleware/EncryptCookies.php | 32 +++- ...Auth2BearerAccessTokenRequestValidator.php | 5 +- .../Middleware/RedirectIfAuthenticated.php | 4 +- app/Http/Middleware/TrimStrings.php | 18 ++ app/Http/Middleware/TrustProxies.php | 23 +++ app/Http/Middleware/VerifyCsrfToken.php | 4 +- app/Models/OAuth2/ServerPrivateKey.php | 4 +- app/Providers/AppServiceProvider.php | 9 +- app/Providers/AuthServiceProvider.php | 5 +- app/Providers/EventServiceProvider.php | 8 +- app/Providers/RouteServiceProvider.php | 4 +- app/Services/OAuth2/ApiEndpointService.php | 15 +- .../OAuth2/HttpIClientJWKSetReader.php | 7 +- app/Services/OAuth2/PrincipalService.php | 4 +- .../OAuth2/ServerPrivateKeyService.php | 6 +- .../OpenIdMementoSessionSerializerService.php | 1 - app/Services/OpenId/TrustedSitesService.php | 2 +- app/Services/Utils/UtilsProvider.php | 6 +- app/Validators/CustomValidator.php | 20 +-- app/libs/Auth/AuthService.php | 6 +- .../GrantTypes/InteractiveGrantType.php | 5 +- .../OAuth2/Services/IApiEndpointService.php | 6 + app/libs/Utils/RequestUtils.php | 45 +++++ artisan | 6 +- bindep.txt | 31 ++-- composer.json | 155 ++++++++++-------- config/app.php | 15 -- config/hashing.php | 52 ++++++ 
config/logging.php | 81 +++++++++ config/session.php | 17 ++ database/factories/UserFactory.php | 23 +++ package-lock.json | 33 ++-- phpunit.xml | 2 +- .../profile/admin/server-private-keys.js | 2 +- .../oauth2/profile/edit-client-public-keys.js | 2 +- server.php | 2 +- tests/ApiEndpointTest.php | 19 ++- tests/ApiScopeTest.php | 32 ++-- tests/ApiTest.php | 18 +- tests/AssociationServiceTest.php | 25 ++- tests/BrowserKitTestCase.php | 54 ++++++ tests/CacheServiceStub.php | 16 +- tests/ClientApiTest.php | 4 +- tests/ClientPublicKeyApiTest.php | 4 +- tests/CreatesApplication.php | 34 ++++ tests/CustomAuthProviderTest.php | 2 +- tests/DiffieHellmanTest.php | 15 +- tests/DiscoveryControllerTest.php | 19 ++- tests/Feature/ExampleTest.php | 21 +++ tests/OAuth2ProtectedApiTest.php | 4 +- tests/OAuth2ProtocolTest.php | 36 ++-- tests/OAuth2UserServiceApiTest.php | 16 +- tests/OIDCProtocolTest.php | 6 +- tests/OpenIdProtocolTest.php | 34 ++-- tests/OpenStackIDBaseTest.php | 5 +- tests/ResourceServerApiTest.php | 17 +- tests/StubServerConfigurationService.php | 1 - tests/TestCase.php | 69 ++------ tests/TokenRepositoryTest.php | 7 +- tests/TrustedSitesServiceTest.php | 31 ++-- tests/Unit/ExampleTest.php | 19 +++ tests/UserGeneratorServiceTest.php | 9 +- tests/UserServiceTest.php | 6 +- tests/UserTest.php | 4 +- tests/XRDSDocumentTest.php | 4 +- webpack.mix.js | 15 ++ 77 files changed, 931 insertions(+), 407 deletions(-) create mode 100644 app/Http/Middleware/CheckForMaintenanceMode.php create mode 100644 app/Http/Middleware/TrimStrings.php create mode 100644 app/Http/Middleware/TrustProxies.php create mode 100644 app/libs/Utils/RequestUtils.php create mode 100644 config/hashing.php create mode 100644 config/logging.php create mode 100644 database/factories/UserFactory.php create mode 100644 tests/BrowserKitTestCase.php create mode 100644 tests/CreatesApplication.php create mode 100644 tests/Feature/ExampleTest.php create mode 100644 tests/Unit/ExampleTest.php create mode 
100644 webpack.mix.js diff --git a/.gitignore b/.gitignore index 6b3207ed..ac3af76b 100644 --- a/.gitignore +++ b/.gitignore @@ -32,4 +32,5 @@ public/assets/css/index.css /public/assets/pwstrength-bootstrap/ /public/assets/sweetalert2/ /public/assets/urijs -/public/assets/uri.js \ No newline at end of file +/public/assets/uri.js +_intellij_phpdebug_validator.php \ No newline at end of file diff --git a/app/Http/Controllers/Api/ApiEndpointController.php b/app/Http/Controllers/Api/ApiEndpointController.php index 246c946c..06f338a9 100644 --- a/app/Http/Controllers/Api/ApiEndpointController.php +++ b/app/Http/Controllers/Api/ApiEndpointController.php @@ -20,6 +20,7 @@ use OAuth2\Exceptions\InvalidApiEndpoint; use OAuth2\Exceptions\InvalidApiScope; use OAuth2\Repositories\IApiEndpointRepository; use OAuth2\Services\IApiEndpointService; +use Utils\Exceptions\EntityNotFoundException; use Utils\Services\ILogService; /** @@ -65,7 +66,12 @@ class ApiEndpointController extends AbstractRESTController implements ICRUDContr $data = $api_endpoint->toArray(); $data['scopes'] = $scopes->toArray(); return $this->ok($data); - } catch (Exception $ex) { + } + catch (EntityNotFoundException $ex1) { + $this->log_service->warning($ex1); + return $this->error404($ex1); + } + catch (Exception $ex) { $this->log_service->error($ex); return $this->error500($ex); } diff --git a/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php b/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php index af08117a..a8671c81 100644 --- a/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php +++ b/app/Http/Controllers/Api/OAuth2/OAuth2UserApiController.php @@ -57,7 +57,7 @@ class OAuth2UserApiController extends OAuth2ProtectedController IdTokenBuilder $id_token_builder ) { - parent::__construct($resource_server_context,$log_service); + parent::__construct($resource_server_context, $log_service); $this->user_service = $user_service; $this->client_repository = $client_repository; 
diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php index 6979db15..e7b97c16 100644 --- a/app/Http/Controllers/Controller.php +++ b/app/Http/Controllers/Controller.php @@ -15,13 +15,11 @@ use Illuminate\Foundation\Bus\DispatchesJobs; use Illuminate\Routing\Controller as BaseController; use Illuminate\Foundation\Validation\ValidatesRequests; use Illuminate\Foundation\Auth\Access\AuthorizesRequests; -use Illuminate\Foundation\Auth\Access\AuthorizesResources; - /** * Class Controller * @package App\Http\Controllers */ class Controller extends BaseController { - use AuthorizesRequests, AuthorizesResources, DispatchesJobs, ValidatesRequests; + use AuthorizesRequests, DispatchesJobs, ValidatesRequests; } diff --git a/app/Http/Controllers/OAuth2/OAuth2ProviderController.php b/app/Http/Controllers/OAuth2/OAuth2ProviderController.php index 5810f08e..0ee0360a 100644 --- a/app/Http/Controllers/OAuth2/OAuth2ProviderController.php +++ b/app/Http/Controllers/OAuth2/OAuth2ProviderController.php @@ -68,7 +68,7 @@ final class OAuth2ProviderController extends Controller { $this->oauth2_protocol = $oauth2_protocol; $this->auth_service = $auth_service; - $this->client_repository = $client_repository; + $this->client_repository = $client_repository; } /** diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 575dc81b..1c4d4974 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -111,6 +111,11 @@ final class UserController extends OpenIdController */ private $utils_configuration_service; + /** + * @var ISecurityContextService + */ + private $security_context_service; + /** * UserController constructor. * @param IMementoOpenIdSerializerService $openid_memento_service 
@@ -160,51 +165,56 @@ final class UserController extends OpenIdController $this->token_service = $token_service; $this->resource_server_service = $resource_server_service; $this->utils_configuration_service = $utils_configuration_service; + $this->security_context_service = $security_context_service; - if ($this->openid_memento_service->exists()) - { - //openid stuff - $this->login_strategy = new OpenIdLoginStrategy - ( - $openid_memento_service, - $user_action_service, - $auth_service - ); + $this->middleware(function ($request, $next) { + if ($this->openid_memento_service->exists()) + { + //openid stuff + $this->login_strategy = new OpenIdLoginStrategy + ( + $this->openid_memento_service, + $this->user_action_service, + $this->auth_service + ); - $this->consent_strategy = new OpenIdConsentStrategy - ( - $openid_memento_service, - $auth_service, - $server_configuration_service, - $user_action_service - ); + $this->consent_strategy = new OpenIdConsentStrategy + ( + $this->openid_memento_service, + $this->auth_service, + $this->server_configuration_service, + $this->user_action_service + ); - } - else if ($this->oauth2_memento_service->exists()) - { + } + else if ($this->oauth2_memento_service->exists()) + { $this->login_strategy = new OAuth2LoginStrategy ( - $auth_service, - $oauth2_memento_service, - $user_action_service, - $security_context_service + $this->auth_service, + $this->oauth2_memento_service, + $this->user_action_service, + $this->security_context_service ); $this->consent_strategy = new OAuth2ConsentStrategy ( - $auth_service, - $oauth2_memento_service, - $scope_repository, - $client_repository + $this->auth_service, + $this->oauth2_memento_service, + $this->scope_repository, + $this->client_repository ); - } - else - { - //default stuff - $this->login_strategy = new DefaultLoginStrategy($user_action_service, $auth_service); - $this->consent_strategy = null; - } + } + else + { + //default stuff + $this->login_strategy = new 
DefaultLoginStrategy($this->user_action_service, $this->auth_service); + $this->consent_strategy = null; + } + + return $next($request); + }); } public function getLogin() diff --git a/app/Http/Middleware/CORSMiddleware.php b/app/Http/Middleware/CORSMiddleware.php index ab7b02ed..db26139e 100644 --- a/app/Http/Middleware/CORSMiddleware.php +++ b/app/Http/Middleware/CORSMiddleware.php @@ -1,5 +1,4 @@ headers->get('Access-Control-Request-Method'); - $route_path = Route::getCurrentRoute()->getPath(); + $route_path = RequestUtils::getCurrentRoutePath($request); if (strpos($route_path, '/') != 0) $route_path = '/' . $route_path; diff --git a/app/Http/Middleware/CheckForMaintenanceMode.php b/app/Http/Middleware/CheckForMaintenanceMode.php new file mode 100644 index 00000000..35b9824b --- /dev/null +++ b/app/Http/Middleware/CheckForMaintenanceMode.php @@ -0,0 +1,17 @@ +getParameter('id'); + $client_id = $route->parameter('id'); if(is_null($client_id)) - $client_id = $route->getParameter('client_id'); + $client_id = $route->parameter('client_id'); if(is_null($client_id)) $client_id = Input::get('client_id',null);; diff --git a/app/Http/Middleware/CurrentUserCheckRouteParams.php b/app/Http/Middleware/CurrentUserCheckRouteParams.php index b8e96733..1e41780e 100644 --- a/app/Http/Middleware/CurrentUserCheckRouteParams.php +++ b/app/Http/Middleware/CurrentUserCheckRouteParams.php @@ -45,10 +45,10 @@ class CurrentUserCheckRouteParams $used_id = Input::get('id',null); if(is_null($used_id)) - $used_id = $route->getParameter('user_id'); + $used_id = $route->parameter('user_id'); if(is_null($used_id)) - $used_id = $route->getParameter('id'); + $used_id = $route->parameter('id'); $user = $authentication_service->getCurrentUser(); if (is_null($used_id) || intval($used_id) !== intval($user->getId())) diff --git a/app/Http/Middleware/CurrentUserOwnsOAuth2Client.php b/app/Http/Middleware/CurrentUserOwnsOAuth2Client.php index e175fff3..83583235 100644 
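Review bot: The `$this->middleware(function ($request, $next) { ... })` closure added to the `UserController` constructor carries no comment explaining why strategy selection left the constructor body, and `login_strategy` / `consent_strategy` now stay unset until the closure has run. I would add a comment above the closure, for example `// Laravel >= 5.3: session state is not readable in controller constructors, so the strategies are chosen once the middleware stack has started the session`. The constructor and the property declarations begin outside this hunk, so whether the two properties have a safe default is not visible here.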
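Review bot: In `CurrentUserCheckRouteParams` the id compared with the current user is taken from `Input::get('id', null)` first and only falls back to `$route->parameter('user_id')` / `$route->parameter('id')` when the request input is absent, so the value this middleware authorises can differ from the route parameter the controller later acts on. Since these lines are being touched anyway, I would read the route parameters first and use request input only as the last fallback, which is the order `CurrentUserCanEditOAuth2Client` and `CurrentUserOwnsOAuth2Client` already use in this commit. Which value the downstream controllers consume is not visible in the hunk, so confirm against them; the method body starts and ends outside the hunk.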
--- a/app/Http/Middleware/CurrentUserOwnsOAuth2Client.php +++ b/app/Http/Middleware/CurrentUserOwnsOAuth2Client.php @@ -58,10 +58,10 @@ class CurrentUserOwnsOAuth2Client { try{ $route = Route::getCurrentRoute(); - $client_id = $route->getParameter('id'); + $client_id = $route->parameter('id'); if(is_null($client_id)) - $client_id = $route->getParameter('client_id'); + $client_id = $route->parameter('client_id'); if(is_null($client_id)) $client_id = Input::get('client_id',null);; diff --git a/app/Http/Middleware/EncryptCookies.php b/app/Http/Middleware/EncryptCookies.php index d5c390ec..0493dbc7 100644 --- a/app/Http/Middleware/EncryptCookies.php +++ b/app/Http/Middleware/EncryptCookies.php @@ -1,14 +1,25 @@ cookies as $key => $c) { + foreach ($request->cookies as $key => $cookie) { if ($this->isDisabled($key)) { continue; } try { - $request->cookies->set($key, $this->decryptCookie($c)); + $request->cookies->set($key, $this->decryptCookie($key, $cookie)); } catch (DecryptException $e) { $request->cookies->set($key, null); } @@ -38,4 +55,5 @@ class EncryptCookies extends BaseEncrypter return $request; } + } diff --git a/app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php b/app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php index 60ee6c1b..2f1a0daf 100644 --- a/app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php +++ b/app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php @@ -28,13 +28,12 @@ use OAuth2\Responses\OAuth2WWWAuthenticateErrorResponse; use OAuth2\Services\ITokenService; use OAuth2\IResourceServerContext; use OAuth2\Repositories\IApiEndpointRepository; -use OAuth2\Services\IClientService; use URL\Normalizer; use Illuminate\Support\Facades\Route; use Exception; use Utils\Services\ICheckPointService; use Utils\Services\ILogService; - +use libs\utils\RequestUtils; /** * Class OAuth2BearerAccessTokenRequestValidator * this class implements the logic to Accessing to Protected Resources 
@@ -117,7 +116,7 @@ final class OAuth2BearerAccessTokenRequestValidator $realm = $request->getHost(); try { - $route_path = Route::getCurrentRoute()->getPath(); + $route_path = RequestUtils::getCurrentRoutePath($request); if (strpos($route_path, '/') != 0) $route_path = '/' . $route_path; diff --git a/app/Http/Middleware/RedirectIfAuthenticated.php b/app/Http/Middleware/RedirectIfAuthenticated.php index 1b129f19..83a17110 100644 --- a/app/Http/Middleware/RedirectIfAuthenticated.php +++ b/app/Http/Middleware/RedirectIfAuthenticated.php @@ -11,10 +11,8 @@ * See the License for the specific language governing permissions and * limitations under the License. **/ - use Closure; use Illuminate\Support\Facades\Auth; - /** * Class RedirectIfAuthenticated * @package App\Http\Middleware @@ -32,7 +30,7 @@ class RedirectIfAuthenticated public function handle($request, Closure $next, $guard = null) { if (Auth::guard($guard)->check()) { - return redirect('/'); + return redirect('/home'); } return $next($request); diff --git a/app/Http/Middleware/TrimStrings.php b/app/Http/Middleware/TrimStrings.php new file mode 100644 index 00000000..5a50e7b5 --- /dev/null +++ b/app/Http/Middleware/TrimStrings.php @@ -0,0 +1,18 @@ +pem_content; - $rsa = new Crypt_RSA(); + $rsa = new RSA(); if(!empty($this->password)){ $rsa->setPassword($this->password); diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php index 61d1e318..86ea2446 100644 --- a/app/Providers/AppServiceProvider.php +++ b/app/Providers/AppServiceProvider.php @@ -31,9 +31,10 @@ class AppServiceProvider extends ServiceProvider */ public function boot() { - $monolog = Log::getMonolog(); - foreach($monolog->getHandlers() as $handler) { + $logger = Log::getLogger(); + + foreach($logger->getHandlers() as $handler) { $handler->setLevel(Config::get('log.level', 'error')); } 
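Review bot: `return redirect('/home');` in `RedirectIfAuthenticated::handle` replaces the previous redirect to `/`, and no `/home` route is added in the visible part of this patch. `/home` is the Laravel skeleton default, so this looks like it arrived with the framework stub rather than as an intended change; if the application defines no such route, authenticated users hitting a guest-only page would get a 404 instead of the landing page. I would keep `return redirect('/');` unless the routes file, which is outside this hunk, defines `/home`.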
@@ -44,11 +45,9 @@ class AppServiceProvider extends ServiceProvider if (!empty($to) && !empty($from)) { $subject = 'openstackid error'; - $mono_log = Log::getMonolog(); $handler = new NativeMailerHandler($to, $subject, $from); - $handler->setLevel(Config::get('log.email_level', 'error')); - $mono_log->pushHandler($handler); + $logger->pushHandler($handler); } diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 140fb6c0..ba6c2749 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -34,10 +34,9 @@ class AuthServiceProvider extends ServiceProvider * @param \Illuminate\Contracts\Auth\Access\Gate $gate * @return void */ - public function boot(GateContract $gate) + public function boot() { - $this->registerPolicies($gate); - + $this->registerPolicies(); // } } diff --git a/app/Providers/EventServiceProvider.php b/app/Providers/EventServiceProvider.php index 6c335ee6..b8279702 100644 --- a/app/Providers/EventServiceProvider.php +++ b/app/Providers/EventServiceProvider.php @@ -36,10 +36,8 @@ class EventServiceProvider extends ServiceProvider * @param \Illuminate\Contracts\Events\Dispatcher $events * @return void */ - public function boot(DispatcherContract $events) + public function boot() { - parent::boot($events); - - // - } + parent::boot(); + } } diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php index ca348ee1..0dfa5c01 100644 --- a/app/Providers/RouteServiceProvider.php +++ b/app/Providers/RouteServiceProvider.php @@ -34,9 +34,9 @@ final class RouteServiceProvider extends ServiceProvider * @param \Illuminate\Routing\Router $router * @return void */ - public function boot(Router $router) + public function boot() { - parent::boot($router); + parent::boot(); } /** diff --git a/app/Services/OAuth2/ApiEndpointService.php b/app/Services/OAuth2/ApiEndpointService.php index 7a42d2a3..d969d219 100644 
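Review bot: The docblock above `AuthServiceProvider::boot()` still documents `@param \Illuminate\Contracts\Auth\Access\Gate $gate` although the parameter is removed, and the same stale `@param` remains above `boot()` in the `EventServiceProvider` (`$events`) and `RouteServiceProvider` (`$router`) hunks. I would delete those `@param` lines so each docblock keeps only `@return void`. The `use` statements for the removed type hints sit outside the hunks and may now be unused as well.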
--- a/app/Services/OAuth2/ApiEndpointService.php +++ b/app/Services/OAuth2/ApiEndpointService.php @@ -11,7 +11,6 @@ * See the License for the specific language governing permissions and * limitations under the License. **/ - use OAuth2\Models\IApiEndpoint; use OAuth2\Repositories\IApiEndpointRepository; use OAuth2\Repositories\IApiScopeRepository; @@ -21,12 +20,11 @@ use OAuth2\Exceptions\InvalidApiEndpoint; use OAuth2\Exceptions\InvalidApiScope; use Utils\Db\ITransactionService; use Utils\Exceptions\EntityNotFoundException; - /** * Class ApiEndpointService * @package Services\OAuth2 */ -class ApiEndpointService implements IApiEndpointService { +final class ApiEndpointService implements IApiEndpointService { /** * @var ITransactionService @@ -272,4 +270,15 @@ class ApiEndpointService implements IApiEndpointService { return true; }); } + + /** + * @param int $id + * @return mixed + */ + public function get($id) + { + return $this->tx_service->transaction(function () use($id){ + return $this->repository->get($id); + }); + } } \ No newline at end of file diff --git a/app/Services/OAuth2/HttpIClientJWKSetReader.php b/app/Services/OAuth2/HttpIClientJWKSetReader.php index 7edafae7..2f44a5e0 100644 --- a/app/Services/OAuth2/HttpIClientJWKSetReader.php +++ b/app/Services/OAuth2/HttpIClientJWKSetReader.php @@ -18,7 +18,8 @@ use OAuth2\Services\IClientJWKSetReader; use GuzzleHttp\Client as HttpClient; use GuzzleHttp\Exception\RequestException as HttpRequestException; use Utils\Http\HttpContentType; -use Log; +use Illuminate\Support\Facades\Log; +use Illuminate\Support\Facades\Config; /** * Class HttpIClientJWKSetReader * @package Services\OAuth2 @@ -28,7 +29,9 @@ final class HttpIClientJWKSetReader implements IClientJWKSetReader /** * @param IClient $client - * @return IJWKSet + * @return IJWKSet|null + * @throws \jwk\exceptions\InvalidJWKAlgorithm + * @throws \jwk\exceptions\JWKInvalidIdentifierException */ public function read(IClient $client) { 
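Review bot: The new `ApiEndpointService::get($id)` returns whatever `$this->repository->get($id)` yields and is documented only as `@return mixed`, so a caller cannot tell whether an unknown id produces `null` or an exception. The controller change in this same commit adds `catch (EntityNotFoundException $ex1)` and then calls `$api_endpoint->toArray()`; if the repository returns `null`, that call raises an `\Error` on PHP 7, which the controller's `catch (Exception $ex)` does not catch, so the request would bypass both the 404 path and `log_service`. I would throw `EntityNotFoundException` here when the result is null and document it with `@return IApiEndpoint` and `@throws EntityNotFoundException`, with the same docblock on the `IApiEndpointService::get` declaration. How the controller obtains `$api_endpoint` is outside the visible hunk, so this needs checking against the full method.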
diff --git a/app/Services/OAuth2/PrincipalService.php b/app/Services/OAuth2/PrincipalService.php index 5d902c22..47a336fb 100644 --- a/app/Services/OAuth2/PrincipalService.php +++ b/app/Services/OAuth2/PrincipalService.php @@ -11,7 +11,7 @@ * See the License for the specific language governing permissions and * limitations under the License. **/ - +use phpseclib\Crypt\Random; use Illuminate\Support\Facades\Cookie; use Illuminate\Support\Facades\Session; use Illuminate\Support\Facades\Log; @@ -78,7 +78,7 @@ final class PrincipalService implements IPrincipalService Log::debug(sprintf("PrincipalService::register user_id %s auth_time %s", $user_id, $auth_time)); Session::put(self::UserIdParam, $user_id); Session::put(self::AuthTimeParam, $auth_time); - $opbs = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)); + $opbs = bin2hex(Random::string(16)); Cookie::queue(IPrincipalService::OP_BROWSER_STATE_COOKIE_NAME, $opbs, $minutes = config("session.op_browser_state_lifetime"), $path = '/', $domain = null, $secure = false, $httpOnly = false); Log::debug(sprintf("PrincipalService::register opbs %s", $opbs)); Session::put(self::OPBrowserState, $opbs); diff --git a/app/Services/OAuth2/ServerPrivateKeyService.php b/app/Services/OAuth2/ServerPrivateKeyService.php index fd84d73e..d483c596 100644 --- a/app/Services/OAuth2/ServerPrivateKeyService.php +++ b/app/Services/OAuth2/ServerPrivateKeyService.php @@ -18,7 +18,7 @@ use OAuth2\Repositories\IServerPrivateKeyRepository; use Utils\Db\ITransactionService; use Models\OAuth2\ServerPrivateKey; use DateTime; -use Crypt_RSA; +use phpseclib\Crypt\RSA; use Services\Exceptions\ValidationException; /** @@ -29,7 +29,7 @@ final class ServerPrivateKeyService extends AsymmetricKeyService implements ISer { /** - * @var Crypt_RSA + * @var RSA */ private $rsa; 
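Review bot: `$opbs = bin2hex(Random::string(16));` in `PrincipalService::register` routes through phpseclib just to get random bytes, although this patch raises the minimum PHP to `^7.1.3`, where `random_bytes()` is built in and throws rather than degrading when no secure source is available. I would write `$opbs = bin2hex(random_bytes(16));` and drop `use phpseclib\Crypt\Random;`; the same applies to the `$salt` line in the `InteractiveGrantType::getSessionState` hunk. As far as I know phpseclib 2.0 falls back to other entropy sources when `random_bytes()` fails, which is worth confirming because both values feed the OIDC session state. Separately, the unchanged `Cookie::queue(...)` call on the next line passes `$secure = false`; it is context here, but for a cookie issued by an identity provider it deserves a follow-up.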
@@ -45,7 +45,7 @@ final class ServerPrivateKeyService extends AsymmetricKeyService implements ISer ) { parent::__construct($repository, $tx_service); - $this->rsa = new Crypt_RSA(); + $this->rsa = new RSA(); } /** diff --git a/app/Services/OpenId/OpenIdMementoSessionSerializerService.php b/app/Services/OpenId/OpenIdMementoSessionSerializerService.php index 09480ec3..8ff8d7b9 100644 --- a/app/Services/OpenId/OpenIdMementoSessionSerializerService.php +++ b/app/Services/OpenId/OpenIdMementoSessionSerializerService.php @@ -14,7 +14,6 @@ use OpenId\Requests\OpenIdMessageMemento; use OpenId\Services\IMementoOpenIdSerializerService; use Illuminate\Support\Facades\Session; - /** * Class OpenIdMementoSessionSerializerService * @package Services\OpenId diff --git a/app/Services/OpenId/TrustedSitesService.php b/app/Services/OpenId/TrustedSitesService.php index c5acbe72..1b30534a 100644 --- a/app/Services/OpenId/TrustedSitesService.php +++ b/app/Services/OpenId/TrustedSitesService.php @@ -69,7 +69,7 @@ class TrustedSitesService implements ITrustedSitesService $site->user_id = $user->getId(); $site->data = json_encode($data); - return $this->repository->add($site)?$site:false; + return $this->repository->add($site) ? $site : false; } catch (Exception $ex) { $this->log_service->error($ex); diff --git a/app/Services/Utils/UtilsProvider.php b/app/Services/Utils/UtilsProvider.php index 90b84763..c9cf6646 100644 --- a/app/Services/Utils/UtilsProvider.php +++ b/app/Services/Utils/UtilsProvider.php @@ -11,13 +11,11 @@ * See the License for the specific language governing permissions and * limitations under the License. **/ - use Utils\Services\UtilsServiceCatalog; use Illuminate\Support\ServiceProvider; use Illuminate\Foundation\AliasLoader; use Illuminate\Support\Facades\App; use Illuminate\Support\Facades\Log; - /** * Class UtilsProvider * @package Services\Utils 
@@ -41,7 +39,7 @@ final class UtilsProvider extends ServiceProvider { App::singleton(UtilsServiceCatalog::BannedIpService, 'Services\\Utils\\BannedIPService'); // setting facade - $this->app['serverconfigurationservice'] = App::share(function ($app) { + App::singleton('serverconfigurationservice', function ($app) { return new ServerConfigurationService ( App::make(UtilsServiceCatalog::CacheService), @@ -50,7 +48,7 @@ final class UtilsProvider extends ServiceProvider { }); // setting facade - $this->app['externalurlservice'] = App::share(function ($app) { + App::singleton('externalurlservice', function ($app) { return new ExternalUrlService(); }); diff --git a/app/Validators/CustomValidator.php b/app/Validators/CustomValidator.php index d55ef77e..ad6ce83a 100644 --- a/app/Validators/CustomValidator.php +++ b/app/Validators/CustomValidator.php @@ -13,13 +13,13 @@ **/ use Illuminate\Validation\Validator; use Models\OAuth2\Client; -use Symfony\Component\Translation\TranslatorInterface; +use Illuminate\Contracts\Translation\Translator; use jwk\JSONWebKeyPublicKeyUseValues; use jwk\JSONWebKeyTypes; use OAuth2\OAuth2Protocol; use OAuth2\Models\IClient; use Utils\Services\IAuthService; -use Crypt_RSA; +use phpseclib\Crypt\RSA; /** * Class CustomValidator @@ -37,7 +37,7 @@ class CustomValidator extends Validator 'RequiredWithoutField' ); - public function __construct(TranslatorInterface $translator, $data, $rules, $messages = array()) + public function __construct(Translator $translator, $data, $rules, $messages = array()) { parent::__construct($translator, $data, $rules, $messages); $this->isImplicit('fail'); @@ -221,7 +221,7 @@ class CustomValidator extends Validator $PKCS8 = $res1 !== false && $res3 !== false; $PKCS1 = $res2 !== false && $res4 !== false; - $rsa = new Crypt_RSA; + $rsa = new RSA; $parsed = $rsa->loadKey($value); return ($PKCS8 || $PKCS1) && $parsed; 
@@ -229,7 +229,7 @@ class CustomValidator extends Validator public function validatePublicKeyPemLength($attribute, $value) { - $rsa = new Crypt_RSA(); + $rsa = new RSA(); $parsed = $rsa->loadKey($value); return $parsed && $rsa->getSize() > 1024; @@ -247,7 +247,7 @@ class CustomValidator extends Validator $encrypted = strpos($value,'ENCRYPTED') !== false ; $password_param = $parameters[0]; - $rsa = new Crypt_RSA; + $rsa = new RSA; if(isset($this->data[$password_param]) && $encrypted){ $rsa->setPassword($this->data[$password_param]); } @@ -262,7 +262,7 @@ class CustomValidator extends Validator $encrypted = strpos($value,'ENCRYPTED') !== false ; $password_param = $parameters[0]; - $rsa = new Crypt_RSA; + $rsa = new RSA; if(isset($this->data[$password_param]) && $encrypted){ $rsa->setPassword($this->data[$password_param]); } @@ -286,7 +286,7 @@ class CustomValidator extends Validator $pem_param = $parameters[0]; if(!isset($this->data[$pem_param])) return true; $pem_content = $this->data[$pem_param]; - $rsa = new Crypt_RSA; + $rsa = new RSA; $rsa->setPassword($value); $parsed = $rsa->loadKey($pem_content); return $parsed; @@ -301,7 +301,7 @@ class CustomValidator extends Validator $urls = explode(',', $value); $res = true; foreach ($urls as $url) { - $res = $app_type === IClient::ApplicationType_Native ? $this->validateCustomUrl($attribute, $url, $parameters): $this->validateSslurl($attribute, $url, $parameters); + $res = $app_type === IClient::ApplicationType_Native ? $this->validateCustomUrl($attribute, $url, $parameters): $this->validateSslurl($attribute, $url); if (!$res) { break; } @@ -324,7 +324,7 @@ class CustomValidator extends Validator $urls = explode(',', $value); $res = true; foreach ($urls as $url) { - $res = $this->validateSslurl($attribute, $url, $parameters); + $res = $this->validateSslurl($attribute, $url); if (!$res) { break; } diff --git a/app/libs/Auth/AuthService.php b/app/libs/Auth/AuthService.php index e9463c1f..d992289f 100644 
--- a/app/libs/Auth/AuthService.php +++ b/app/libs/Auth/AuthService.php @@ -132,7 +132,7 @@ final class AuthService implements IAuthService } /** - * @return AuthorizationResponse_* + * @return string */ public function getUserAuthorizationResponse() { @@ -158,7 +158,7 @@ final class AuthService implements IAuthService public function setUserAuthorizationResponse($auth_response) { - Session::set("openid.authorization.response", $auth_response); + Session::put("openid.authorization.response", $auth_response); Session::save(); } @@ -216,7 +216,7 @@ final class AuthService implements IAuthService public function setUserAuthenticationResponse($auth_response) { - Session::set("openstackid.authentication.response", $auth_response); + Session::put("openstackid.authentication.response", $auth_response); Session::save(); } diff --git a/app/libs/OAuth2/GrantTypes/InteractiveGrantType.php b/app/libs/OAuth2/GrantTypes/InteractiveGrantType.php index 397c608a..deca85a8 100644 --- a/app/libs/OAuth2/GrantTypes/InteractiveGrantType.php +++ b/app/libs/OAuth2/GrantTypes/InteractiveGrantType.php @@ -57,7 +57,7 @@ use utils\exceptions\InvalidCompactSerializationException; use utils\factories\BasicJWTFactory; use Utils\Services\IAuthService; use Utils\Services\ILogService; - +use phpseclib\Crypt\Random; /** * Class InteractiveGrantType * @package OAuth2\GrantTypes @@ -327,8 +327,7 @@ abstract class InteractiveGrantType extends AbstractGrantType $session_id )); - // warning: mcrypt_create_iv deprecated on php 7.x - $salt = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)); + $salt = bin2hex(Random::string(16)); $message = "{$client_id}{$origin}{$session_id}{$salt}"; $this->log_service->debug_msg(sprintf( "InteractiveGrantType::getSessionState message %s", diff --git a/app/libs/OAuth2/Services/IApiEndpointService.php b/app/libs/OAuth2/Services/IApiEndpointService.php index eb6d607a..9cad59bc 100644 --- a/app/libs/OAuth2/Services/IApiEndpointService.php 
+++ b/app/libs/OAuth2/Services/IApiEndpointService.php @@ -69,6 +69,12 @@ interface IApiEndpointService { */ public function delete($id); + /** + * @param int $id + * @return mixed + */ + public function get($id); + /** * @param int $id * @param array $params diff --git a/app/libs/Utils/RequestUtils.php b/app/libs/Utils/RequestUtils.php new file mode 100644 index 00000000..247ad43a --- /dev/null +++ b/app/libs/Utils/RequestUtils.php @@ -0,0 +1,45 @@ +match($request); + if(is_null($route)) return false; + $route_path = $route->uri(); + if (strpos($route_path, '/') != 0) + $route_path = '/' . $route_path; + + return $route_path; + } + catch (\Exception $ex) + { + Log::error($ex); + } + return false; + } + +} \ No newline at end of file diff --git a/artisan b/artisan index df630d0d..5c23e2e2 100755 --- a/artisan +++ b/artisan @@ -1,6 +1,8 @@ #!/usr/bin/env php handle( | Shutdown The Application |-------------------------------------------------------------------------- | -| Once Artisan has finished running. We will fire off the shutdown events +| Once Artisan has finished running, we will fire off the shutdown events | so that any final work may be done by the application before we shut | down the process. This is the last thing to happen to the request. | diff --git a/bindep.txt b/bindep.txt index 87b01006..55338966 100644 --- a/bindep.txt +++ b/bindep.txt 
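Review bot: `if (strpos($route_path, '/') != 0)` in the new `RequestUtils::getCurrentRoutePath` compares loosely, so for a URI with no slash at all `strpos` returns `false`, `false != 0` is false, and the path is returned without its leading `/`. A strict test fixes that: `if (strpos($route_path, '/') !== 0) $route_path = '/' . $route_path;`. The method also returns `false` when no route matches or an exception is logged, while the callers changed in this commit (`CORSMiddleware` and `OAuth2BearerAccessTokenRequestValidator`) repeat the same loose normalisation and show no check for `false` in their hunks. Since that path presumably selects the protected API endpoint, I would have both callers reject the request explicitly when `false` comes back. The top of the new file is missing from the page, so the route lookup itself could not be reviewed.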
@@ -1,28 +1,21 @@ -mcrypt +php7.2 [platform:dpkg] -php [platform:ubuntu-xenial] -php5 [platform:dpkg !platform:ubuntu-xenial] +php7.2-cli [platform:dpkg] -php-cli [platform:rpm platform:ubuntu-xenial] -php5-cli [platform:dpkg !platform:ubuntu-xenial] +php7.2-common [platform:dpkg] -php-common [platform:ubuntu-xenial] -php5-common [platform:dpkg !platform:ubuntu-xenial] +php7.2-curl [platform:dpkg] -php-curl [platform:rpm platform:ubuntu-xenial] -php5-curl [platform:dpkg !platform:ubuntu-xenial] +php7.2-gd [platform:dpkg] -php-gd [platform:rpm platform:ubuntu-xenial] -php5-gd [platform:dpkg !platform:ubuntu-xenial] +php7.2-json [platform:dpkg] -php-json [platform:rpm platform:ubuntu-xenial] -php5-json [platform:dpkg !platform:ubuntu-xenial] +php7.2-mysqlnd [platform:dpkg] -php-mysql [platform:rpm platform:ubuntu-xenial] -php5-mysql [platform:dpkg !platform:ubuntu-xenial] +php7.2-xml [platform:dpkg] -php-gmp [platform:rpm platform:ubuntu-xenial] -php5-gmp [platform:dpkg !platform:ubuntu-xenial] +php7.2-mbstring [platform:dpkg] -php-mcrypt [platform:ubuntu-xenial] -php5-mcrypt [platform:dpkg !platform:ubuntu-xenial] +php7.2-gmp [platform:dpkg] + +php7.2-ssh2 [platform:dpkg] diff --git a/composer.json b/composer.json index 4f09492a..682ff18c 100644 --- a/composer.json +++ b/composer.json 
@@ -1,69 +1,92 @@ { - "name": "laravel/laravel", - "description": "The Laravel Framework.", - "keywords": ["framework", "laravel"], - "license": "MIT", - "type": "project", - "require": { - "php": ">=5.5.9", - "laravel/framework": "5.2.*", - "zendframework/zend-crypt": "2.6.*", - "zendframework/zend-math": "2.7.*", - "ircmaxell/random-lib": "1.1.*", - "greggilbert/recaptcha": "2.1.*", - "guzzlehttp/guzzle": "5.3.0", - "smarcet/jose4php": "1.0.15", - "glenscott/url-normalizer" : "1.4.*", - "jenssegers/agent": "2.3.*", - "predis/predis": "1.0.1", - "laravelcollective/html": "5.2.4" - }, - "require-dev": { - "fzaninotto/faker": "~1.4", - "phpunit/phpunit": "~4.0", - "symfony/css-selector": "2.8.*|3.0.*", - "symfony/dom-crawler": "2.8.*|3.0.*", - "doctrine/dbal": "*", - "mockery/mockery": "*", - "way/laravel-test-helpers": "dev-master" - }, - "autoload": { - "classmap": [ - "database", - "app", - "tests" - ], - "psr-4": { - "App\\" : "app/", - "Auth\\" : "app/libs/Auth/", - "OAuth2\\" : "app/libs/OAuth2/", - "OpenId\\" : "app/libs/OpenId/", - "Utils\\" : "app/libs/Utils/", - "Models\\" : "app/Models/" - } - }, - "autoload-dev": { - "classmap": [ - "tests/TestCase.php" - ] - }, - "scripts": { - "post-root-package-install": [ - "php -r \"copy('.env.example', '.env');\"" - ], - "post-create-project-cmd": [ - "php artisan key:generate" - ], - "post-install-cmd": [ - "Illuminate\\Foundation\\ComposerScripts::postInstall", - "php artisan optimize" - ], - "post-update-cmd": [ - "Illuminate\\Foundation\\ComposerScripts::postUpdate", - "php artisan optimize" - ] - }, - "config": { - "preferred-install": "dist" + "name": "openstack/openstackid", + "description": "OpenStackID IDP", + "keywords": [ + "idp", + "openstack", + "oauth2", + "openid2.0", + "jwt", + "oidc" + ], + "license": "MIT", + "type": "project", + "require": { + "php": "^7.1.3", + "fideloper/proxy": "^4.0", + "laravel/framework": "5.6.*", + "laravel/tinker": "^1.0", + "zendframework/zend-crypt": "3.3.0", + 
"zendframework/zend-math": "3.1.1", + "ircmaxell/random-lib": "1.1.*", + "greggilbert/recaptcha": "2.1.*", + "guzzlehttp/guzzle": "6.3.3", + "smarcet/jose4php": "dev-feature/php7.2-migration", + "glenscott/url-normalizer": "1.4.*", + "jenssegers/agent": "2.3.*", + "laravelcollective/html": "5.6.*", + "phpseclib/phpseclib": "2.0.11", + "predis/predis": "1.0.*", + "ext-json":"*", + "ext-pdo":"*" + }, + "require-dev": { + "filp/whoops": "^2.0", + "fzaninotto/faker": "^1.4", + "mockery/mockery": "^1.0", + "nunomaduro/collision": "^2.0", + "phpunit/phpunit": "^7.0", + "laravel/browser-kit-testing": "4.0.2" + }, + "suggest":{ + "lib-openssl": "Required to use AES algorithms (except AES GCM)", + "ext-json":"Required to use json algorithms" + }, + "autoload": { + "classmap": [ + "database/seeds", + "database/factories", + "database", + "app", + "tests" + ], + "psr-4": { + "App\\": "app/", + "Auth\\": "app/libs/Auth/", + "OAuth2\\": "app/libs/OAuth2/", + "OpenId\\": "app/libs/OpenId/", + "Utils\\": "app/libs/Utils/", + "Models\\": "app/Models/" } + }, + "autoload-dev": { + "psr-4": { + "Tests\\": "tests/" + } + }, + "extra": { + "laravel": { + "dont-discover": [ + ] + } + }, + "scripts": { + "post-root-package-install": [ + "@php -r \"file_exists('.env') || copy('.env.example', '.env');\"" + ], + "post-create-project-cmd": [ + "@php artisan key:generate" + ], + "post-autoload-dump": [ + "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump", + "@php artisan package:discover" + ] + }, + "config": { + "preferred-install": "dist", + "sort-packages": true, + "optimize-autoloader": true + }, + "minimum-stability": "dev", + "prefer-stable": true } diff --git a/config/app.php b/config/app.php index 02cd5b98..c9cce3de 100644 --- a/config/app.php +++ b/config/app.php 
@@ -95,21 +95,6 @@ return [ 'cipher' => 'AES-256-CBC', - /* - |-------------------------------------------------------------------------- - | Logging Configuration - |-------------------------------------------------------------------------- - | - | Here you may configure the log settings for your application. Out of - | the box, Laravel uses the Monolog PHP logging library. This gives - | you a variety of powerful log handlers / formatters to utilize. - | - | Available Settings: "single", "daily", "syslog", "errorlog" - | - */ - - 'log' => env('APP_LOG', 'single'), - /* |-------------------------------------------------------------------------- | Autoloaded Service Providers diff --git a/config/hashing.php b/config/hashing.php new file mode 100644 index 00000000..d3c8e2fb --- /dev/null +++ b/config/hashing.php @@ -0,0 +1,52 @@ + 'bcrypt', + + /* + |-------------------------------------------------------------------------- + | Bcrypt Options + |-------------------------------------------------------------------------- + | + | Here you may specify the configuration options that should be used when + | passwords are hashed using the Bcrypt algorithm. This will allow you + | to control the amount of time it takes to hash the given password. + | + */ + + 'bcrypt' => [ + 'rounds' => env('BCRYPT_ROUNDS', 10), + ], + + /* + |-------------------------------------------------------------------------- + | Argon Options + |-------------------------------------------------------------------------- + | + | Here you may specify the configuration options that should be used when + | passwords are hashed using the Argon algorithm. These will allow you + | to control the amount of time it takes to hash the given password. + | + */ + + 'argon' => [ + 'memory' => 1024, + 'threads' => 2, + 'time' => 2, + ], + +]; diff --git a/config/logging.php b/config/logging.php new file mode 100644 index 00000000..4688639c --- /dev/null +++ b/config/logging.php 
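Review bot: `config/hashing.php` is added with the framework's stock values, and nothing in the file says whether this provider's credential checks go through this hasher or through a separate member store. If they do, `'rounds' => env('BCRYPT_ROUNDS', 10)` is the setting that decides the cost of an offline guess and should be chosen deliberately per environment rather than inherited. The `argon` block is inert while the driver is `bcrypt`, and its `'memory' => 1024` looks low by current guidance. I would add a comment there such as `// unused while driver is bcrypt; re-tune memory/time before switching drivers`.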
@@ -0,0 +1,81 @@ + env('LOG_CHANNEL', 'stack'), + + /* + |-------------------------------------------------------------------------- + | Log Channels + |-------------------------------------------------------------------------- + | + | Here you may configure the log channels for your application. Out of + | the box, Laravel uses the Monolog PHP logging library. This gives + | you a variety of powerful log handlers / formatters to utilize. + | + | Available Drivers: "single", "daily", "slack", "syslog", + | "errorlog", "monolog", + | "custom", "stack" + | + */ + + 'channels' => [ + 'stack' => [ + 'driver' => 'stack', + 'channels' => ['daily'], + ], + + 'single' => [ + 'driver' => 'single', + 'path' => storage_path('logs/laravel.log'), + 'level' => 'debug', + ], + + 'daily' => [ + 'driver' => 'daily', + 'path' => storage_path('logs/laravel.log'), + 'level' => 'debug', + 'days' => 7, + ], + + 'slack' => [ + 'driver' => 'slack', + 'url' => env('LOG_SLACK_WEBHOOK_URL'), + 'username' => 'Laravel Log', + 'emoji' => ':boom:', + 'level' => 'critical', + ], + + 'stderr' => [ + 'driver' => 'monolog', + 'handler' => StreamHandler::class, + 'with' => [ + 'stream' => 'php://stderr', + ], + ], + + 'syslog' => [ + 'driver' => 'syslog', + 'level' => 'debug', + ], + + 'errorlog' => [ + 'driver' => 'errorlog', + 'level' => 'debug', + ], + ], + +]; diff --git a/config/session.php b/config/session.php index 316cf051..15714b48 100644 --- a/config/session.php +++ b/config/session.php 
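Review bot: The `single`, `daily`, `syslog` and `errorlog` channels in the new `config/logging.php` all hard-code `'level' => 'debug'`, and the default `stack` channel routes to `daily`, so every environment logs at debug level unless the file itself is edited. On an OAuth2/OpenID provider debug output can contain request parameters, so the level should come from the environment, e.g. `'level' => env('LOG_LEVEL', 'debug'),` (the variable name is a suggestion). `'days' => 7` also fixes retention at one week; if these files are the record of sign-ins and token issuance, confirm they are shipped elsewhere before rotation removes them.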
@@ -162,9 +162,26 @@ return [ */ 'http_only' => env('SESSION_COOKIE_HTTP_ONLY', true), + + /* + |-------------------------------------------------------------------------- + | Same-Site Cookies + |-------------------------------------------------------------------------- + | + | This option determines how your cookies behave when cross-site requests + | take place, and can be used to mitigate CSRF attacks. By default, we + | do not enable this as other CSRF protection services are in place. + | + | Supported: "lax", "strict" + | + */ + + 'same_site' => null, + /* * http://openid.net/specs/openid-connect-session-1_0.html#OPiframe * OP Browser state lifetime */ 'op_browser_state_lifetime' => env('SESSION_OP_BROWSER_STATE_LIFETIME', 120) + ]; diff --git a/database/factories/UserFactory.php b/database/factories/UserFactory.php new file mode 100644 index 00000000..facf2337 --- /dev/null +++ b/database/factories/UserFactory.php @@ -0,0 +1,23 @@ +define(App\User::class, function (Faker $faker) { + return [ + 'name' => $faker->name, + 'email' => $faker->unique()->safeEmail, + 'password' => '$2y$10$TKh8H1.PfQx37YgCzwiKb.KjNyWgaHb9cbcoQgdIVFlYg7B77UdFm', // secret + 'remember_token' => str_random(10), + ]; +}); diff --git a/package-lock.json b/package-lock.json index 73610d74..8f52b62b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3841,11 +3841,13 @@ }, "balanced-match": { "version": "1.0.0", - "bundled": true + "bundled": true, + "optional": true }, "brace-expansion": { "version": "1.1.11", "bundled": true, + "optional": true, "requires": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -3858,15 +3860,18 @@ }, "code-point-at": { "version": "1.1.0", - "bundled": true + "bundled": true, + "optional": true }, "concat-map": { "version": "0.0.1", - "bundled": true + "bundled": true, + "optional": true }, "console-control-strings": { "version": "1.1.0", - "bundled": true + "bundled": true, + "optional": true }, "core-util-is": { "version": "1.0.2", 
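Review bot: `'same_site' => null` is hard-coded while the neighbouring `http_only` reads from the environment, and the copied framework comment ("other CSRF protection services are in place") does not say why this provider leaves the attribute off. If the reason is the OP iframe session check referenced just below, which presumably needs the cookie in a cross-site context, state that in the comment. Otherwise make it configurable with `'same_site' => env('SESSION_COOKIE_SAME_SITE', null),` (the variable name is a suggestion) so deployments can opt into `lax`. With the attribute unset, CSRF protection depends on the token middleware, and `VerifyCsrfToken.php` is also changed by this patch outside this view.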
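Review bot: `database/factories/UserFactory.php` is the framework scaffold: it defines a factory for `App\User` with a committed bcrypt hash whose plaintext is given in the trailing comment (`// secret`), while the tests in this patch import `Auth\User`. If `App\User` does not exist in this project (it is not part of this diff), the file is dead code that `composer.json` now also adds to the classmap through `database/factories`. I would delete it, or rewrite it for the real user model and compute the hash at run time, so that no seeding path can create an account with a publicly known password.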
@@ -3969,7 +3974,8 @@ }, "inherits": { "version": "2.0.3", - "bundled": true + "bundled": true, + "optional": true }, "ini": { "version": "1.3.5", @@ -3979,6 +3985,7 @@ "is-fullwidth-code-point": { "version": "1.0.0", "bundled": true, + "optional": true, "requires": { "number-is-nan": "^1.0.0" } @@ -3991,17 +3998,20 @@ "minimatch": { "version": "3.0.4", "bundled": true, + "optional": true, "requires": { "brace-expansion": "^1.1.7" } }, "minimist": { "version": "0.0.8", - "bundled": true + "bundled": true, + "optional": true }, "minipass": { "version": "2.2.4", "bundled": true, + "optional": true, "requires": { "safe-buffer": "^5.1.1", "yallist": "^3.0.0" @@ -4018,6 +4028,7 @@ "mkdirp": { "version": "0.5.1", "bundled": true, + "optional": true, "requires": { "minimist": "0.0.8" } @@ -4090,7 +4101,8 @@ }, "number-is-nan": { "version": "1.0.1", - "bundled": true + "bundled": true, + "optional": true }, "object-assign": { "version": "4.1.1", @@ -4100,6 +4112,7 @@ "once": { "version": "1.4.0", "bundled": true, + "optional": true, "requires": { "wrappy": "1" } @@ -4205,6 +4218,7 @@ "string-width": { "version": "1.0.2", "bundled": true, + "optional": true, "requires": { "code-point-at": "^1.0.0", "is-fullwidth-code-point": "^1.0.0", @@ -11087,11 +11101,6 @@ "punycode": "^2.1.0" } }, - "uri.js": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/uri.js/-/uri.js-0.1.3.tgz", - "integrity": "sha1-uT7umQWzyBucOLu83/9e9tDI3l8=" - }, "urijs": { "version": "1.19.1", "resolved": "https://registry.npmjs.org/urijs/-/urijs-1.19.1.tgz", diff --git a/phpunit.xml b/phpunit.xml index b22af540..62336dbd 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -8,7 +8,7 @@ convertWarningsToExceptions="true" processIsolation="false" stopOnFailure="false" - syntaxCheck="false"> +> ./tests/ diff --git a/public/assets/js/oauth2/profile/admin/server-private-keys.js b/public/assets/js/oauth2/profile/admin/server-private-keys.js index 7eb80f85..4bb535f6 100644 
--- a/public/assets/js/oauth2/profile/admin/server-private-keys.js +++ b/public/assets/js/oauth2/profile/admin/server-private-keys.js @@ -30,7 +30,7 @@ todayBtn: "linked", clearBtn: true, todayHighlight: true, - orientation: "top right", + orientation: "bottom right", autoclose: true }); diff --git a/public/assets/js/oauth2/profile/edit-client-public-keys.js b/public/assets/js/oauth2/profile/edit-client-public-keys.js index b1462e77..30636800 100644 --- a/public/assets/js/oauth2/profile/edit-client-public-keys.js +++ b/public/assets/js/oauth2/profile/edit-client-public-keys.js @@ -10,7 +10,7 @@ todayBtn: "linked", clearBtn: true, todayHighlight: true, - orientation: "top right", + orientation: "bottom right", autoclose: true }); diff --git a/server.php b/server.php index f65c7c44..5fb6379e 100644 --- a/server.php +++ b/server.php @@ -4,7 +4,7 @@ * Laravel - A PHP Framework For Web Artisans * * @package Laravel - * @author Taylor Otwell + * @author Taylor Otwell */ $uri = urldecode( diff --git a/tests/ApiEndpointTest.php b/tests/ApiEndpointTest.php index d1019beb..788e00b0 100644 --- a/tests/ApiEndpointTest.php +++ b/tests/ApiEndpointTest.php @@ -1,13 +1,24 @@ getContent(); + $this->assertResponseStatus(404); } diff --git a/tests/ApiScopeTest.php b/tests/ApiScopeTest.php index 668fa5fb..4e7934a4 100644 --- a/tests/ApiScopeTest.php +++ b/tests/ApiScopeTest.php @@ -1,11 +1,23 @@ redis = Redis::connection(); + $this->redis->flushall(); + $this->prepareForTests(); + } + + + /** + * Migrates the database and set the mailer to 'pretend'. + * This will cause the tests to run quickly. + * + */ + protected function prepareForTests() + { + Artisan::call('migrate'); + //Mail::pretend(true); + $this->seed('TestSeeder'); + } +} diff --git a/tests/CacheServiceStub.php b/tests/CacheServiceStub.php index 18f17ba0..be724f2e 100644 --- a/tests/CacheServiceStub.php +++ b/tests/CacheServiceStub.php 
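Review bot: The test `setUp()` in this section (its file header was lost in extraction; it appears to be the new browser-kit base test case) calls `$this->redis->flushall()`, which empties every database on the Redis server that `Redis::connection()` resolves to, not only the keys the tests create. If the suite is run with an environment file that points at a shared instance, the provider's cached sessions and tokens are wiped as well. Prefer `$this->redis->flushdb();` on a connection reserved for tests and guard it, e.g. `if (!app()->environment('testing')) { $this->markTestSkipped('refusing to flush a non-test Redis'); }`. The same concern applies to `Artisan::call('migrate')` in `prepareForTests()`, which runs against whatever database is configured.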
@@ -1,7 +1,21 @@ make(Kernel::class)->bootstrap(); + + return $app; + } +} \ No newline at end of file diff --git a/tests/CustomAuthProviderTest.php b/tests/CustomAuthProviderTest.php index 807b0ab1..e18c6d00 100644 --- a/tests/CustomAuthProviderTest.php +++ b/tests/CustomAuthProviderTest.php @@ -18,7 +18,7 @@ use OpenId\Services\OpenIdServiceCatalog; use Auth\Repositories\IUserRepository; use Auth\Repositories\IMemberRepository; use Auth\IAuthenticationExtensionService; - +use Tests\TestCase; /** * Class CustomAuthProviderTest */ diff --git a/tests/DiffieHellmanTest.php b/tests/DiffieHellmanTest.php index a1ead6c0..4a394698 100644 --- a/tests/DiffieHellmanTest.php +++ b/tests/DiffieHellmanTest.php @@ -1,10 +1,21 @@ get('/'); + + $response->assertStatus(200); + } +} diff --git a/tests/OAuth2ProtectedApiTest.php b/tests/OAuth2ProtectedApiTest.php index deae55dd..a70b8821 100644 --- a/tests/OAuth2ProtectedApiTest.php +++ b/tests/OAuth2ProtectedApiTest.php @@ -11,13 +11,11 @@ * See the License for the specific language governing permissions and * limitations under the License. **/ - use OAuth2\OAuth2Protocol; use Auth\User; use Utils\Services\IAuthService; use Illuminate\Support\Facades\Session; use Illuminate\Support\Facades\Config; - /** * Class OAuth2ProtectedApiTest */ @@ -67,7 +65,7 @@ abstract class OAuth2ProtectedApiTest extends OpenStackIDBaseTest { OAuth2Protocol::OAuth2Protocol_AccessType => OAuth2Protocol::OAuth2Protocol_AccessType_Offline, ); - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $response = $this->action("POST", "OAuth2\OAuth2ProviderController@auth", $params, diff --git a/tests/OAuth2ProtocolTest.php b/tests/OAuth2ProtocolTest.php index 19f65d7c..75917a23 100644 --- a/tests/OAuth2ProtocolTest.php +++ b/tests/OAuth2ProtocolTest.php 
@@ -17,7 +17,7 @@ use OAuth2\OAuth2Protocol; use Utils\Services\IAuthService; use Utils\Services\UtilsServiceCatalog; use Illuminate\Support\Facades\Session; - +use Illuminate\Support\Facades\Config; /** * Class OAuth2ProtocolTest * Test Suite for OAuth2 Protocol @@ -191,7 +191,7 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest OAuth2Protocol::OAuth2Protocol_AccessType => OAuth2Protocol::OAuth2Protocol_AccessType_Offline, ); - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $response = $this->action("POST", "OAuth2\OAuth2ProviderController@auth", $params, @@ -271,7 +271,7 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest OAuth2Protocol::OAuth2Protocol_AccessType => OAuth2Protocol::OAuth2Protocol_AccessType_Offline, ); - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $response = $this->action("POST", "OAuth2\OAuth2ProviderController@auth", $params, @@ -339,7 +339,7 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwTlfSyQ3x.openstack.client'; $client_secret = 'ITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhg'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); //do authorization ... 
@@ -491,7 +491,7 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwTlfSyQ3x.openstack.client'; $client_secret = 'ITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhg'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); //do authorization ... @@ -596,7 +596,7 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest $client_secret = 'ITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhg'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); //do authorization ... @@ -710,7 +710,7 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwTlfSyQ3x.openstack.client'; $client_secret = 'ITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhg'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); //do authorization ... @@ -822,7 +822,7 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwTlfSyQ3x.openstack.client'; $client_secret = 'ITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhgITc/6Y5N7kOtGKhg'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); //do authorization ... 
@@ -905,9 +905,9 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest public function testImplicitFlow() { - $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; + $client_id = '1234/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $params = array( 'client_id' => $client_id, @@ -943,9 +943,9 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest public function testTokenRevocation() { - $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; + $client_id = '1234/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $params = array( 'client_id' => $client_id, @@ -997,9 +997,9 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest public function testTokenRevocationInvalidClient() { - $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; + $client_id = '1234/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $params = array( 'client_id' => $client_id, @@ -1052,9 +1052,9 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest public function testTokenRevocationInvalidHint() { - $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; + $client_id = '1234/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $params = array( 'client_id' => $client_id, 
@@ -1107,9 +1107,9 @@ final class OAuth2ProtocolTest extends OpenStackIDBaseTest public function testTokenRevocationInvalidToken() { - $client_id = 'Jiz87D8/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; + $client_id = '1234/Vcvr6fvQbH4HyNgwKlfSyQ3x.openstack.client'; - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $params = array( 'client_id' => $client_id, diff --git a/tests/OAuth2UserServiceApiTest.php b/tests/OAuth2UserServiceApiTest.php index ab0644fd..8b058ffb 100644 --- a/tests/OAuth2UserServiceApiTest.php +++ b/tests/OAuth2UserServiceApiTest.php @@ -1,11 +1,21 @@ assertTrue(array_key_exists('error', $output)); $this->assertTrue(!empty($output['error'])); - $this->assertTrue($output['error'] === OAuth2Protocol::OAuth2Protocol_Error_Interaction_Required); - + $this->assertTrue($output['error'] === OAuth2Protocol::OAuth2Protocol_Error_Login_Required); } public function testLoginWithTrailingSpace() diff --git a/tests/OpenIdProtocolTest.php b/tests/OpenIdProtocolTest.php index f64af613..e3065930 100644 --- a/tests/OpenIdProtocolTest.php +++ b/tests/OpenIdProtocolTest.php @@ -1,5 +1,16 @@ g = '1'; $this->private = '84009535308644335779530519631942543663544485189066558731295758689838227409144125540638118058012144795574289866857191302071807568041343083679600155026066530597177004145874642611724010339353151653679189142289183802715816551715563883085859667759854344959305451172754264893136955464706052993052626766687910313992'; 
@@ -428,7 +440,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest $this->assertTrue(isset($openid_response['enc_mac_key'])); $this->assertTrue(isset($openid_response['expires_in'])); - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $params = array( OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS) => OpenIdProtocol::OpenID2MessageType, @@ -539,7 +551,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest public function testAuthenticationCheckImmediateAuthenticationPrivateSession() { //set login info - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); //add trusted site $site = new OpenIdTrustedSite; @@ -598,7 +610,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest public function testAuthenticationCheckImmediateAuthenticationPrivateSession_SetupNeeded() { //set login info - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $this->user->trusted_sites()->delete(); $params = array( OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS) => OpenIdProtocol::OpenID2MessageType, @@ -634,7 +646,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest { //set login info - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever); $sreg_required_params = array('email', 'fullname', 'nickname'); $params = array( 
@@ -708,7 +720,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest { //set login info - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever); $sreg_required_params = array('email', 'fullname'); $params = array( @@ -782,7 +794,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest { //set login info - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever); $sreg_required_params = array('email', 'fullname'); $params = array( @@ -982,7 +994,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest { //set login info - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $scope = array( sprintf('%s/resource-server/read', $this->current_realm), @@ -1063,7 +1075,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest { //set login info - Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); + Session::put("openid.authorization.response", IAuthService::AuthorizationResponse_AllowOnce); $scope = array( sprintf('%s/resource-server/read', $this->current_realm), diff --git a/tests/OpenStackIDBaseTest.php b/tests/OpenStackIDBaseTest.php index de86a3a2..6272055d 100644 --- a/tests/OpenStackIDBaseTest.php +++ b/tests/OpenStackIDBaseTest.php 
@@ -11,14 +11,13 @@ * See the License for the specific language governing permissions and * limitations under the License. **/ - use Illuminate\Support\Facades\Schema; use Illuminate\Support\Facades\DB; - +use Tests\BrowserKitTestCase; /** * Class OpenStackIDBaseTest */ -abstract class OpenStackIDBaseTest extends TestCase { +abstract class OpenStackIDBaseTest extends BrowserKitTestCase { protected function prepareForTests() { diff --git a/tests/ResourceServerApiTest.php b/tests/ResourceServerApiTest.php index 965428ad..56d8df00 100644 --- a/tests/ResourceServerApiTest.php +++ b/tests/ResourceServerApiTest.php @@ -1,15 +1,26 @@ make(Illuminate\Contracts\Console\Kernel::class)->bootstrap(); - - return $app; - } - - public function __construct(){ - - } - - public function setUp() - { - parent::setUp(); // Don't forget this! - $this->redis = Redis::connection(); - $this->redis->flushall(); - $this->prepareForTests(); - } - - - /** - * Migrates the database and set the mailer to 'pretend'. - * This will cause the tests to run quickly. - * - */ - protected function prepareForTests() - { - Artisan::call('migrate'); - //Mail::pretend(true); - $this->seed('TestSeeder'); - } + use CreatesApplication; } diff --git a/tests/TokenRepositoryTest.php b/tests/TokenRepositoryTest.php index a0d106d2..00952055 100644 --- a/tests/TokenRepositoryTest.php +++ b/tests/TokenRepositoryTest.php @@ -1,5 +1,4 @@ app[\OAuth2\Repositories\IAccessTokenRepository::class]; diff --git a/tests/TrustedSitesServiceTest.php b/tests/TrustedSitesServiceTest.php index 12e8bc02..2f4bf662 100644 --- a/tests/TrustedSitesServiceTest.php +++ b/tests/TrustedSitesServiceTest.php 
@@ -1,20 +1,27 @@ app[OpenIdServiceCatalog::TrustedSitesService]; - - $user = Factory::create(User::class); - + $user = User::where('identifier','=','sebastian.marcet')->first(); $res = $service->addTrustedSite($user, $realm = 'https://www.test.com', IAuthService::AuthorizationResponse_AllowForever, $data = array()); $this->assertTrue(!is_null($res)); - } - - public function testGetTrustedSitesByRealm(){ $realm = 'https://*.test.com'; $service = $this->app[OpenIdServiceCatalog::TrustedSitesService]; - $user = Factory::create(User::class); + $user = User::where('identifier','=','sebastian.marcet')->first(); $res = $service->addTrustedSite($user, $realm, IAuthService::AuthorizationResponse_AllowForever, $data = array('email','profile','address')); diff --git a/tests/Unit/ExampleTest.php b/tests/Unit/ExampleTest.php new file mode 100644 index 00000000..e9fe19c6 --- /dev/null +++ b/tests/Unit/ExampleTest.php @@ -0,0 +1,19 @@ +assertTrue(true); + } +} diff --git a/tests/UserGeneratorServiceTest.php b/tests/UserGeneratorServiceTest.php index fba263fa..2ec10891 100644 --- a/tests/UserGeneratorServiceTest.php +++ b/tests/UserGeneratorServiceTest.php @@ -1,5 +1,4 @@